Search RPD Archives
[AFRINIC-rpd] RE: IPv4 Address Allocation and Assignment proposal
keshwarsingh.nadan at millenium.mu
Tue Sep 10 20:18:06 UTC 2013
Well I’ve been told the following:
"I believe that any meaningful data/log collected from a monitoring system (obfuscating critical customer details will be accepted - f.i a graph over a certain period of time of the number of IP addresses in used, the pool from which these addresses come from, concurrent number of customers/virtual-servers"
obfuscating critical data ? asking a network engineer by profession to obfuscate critical customer details ? Is that in other words called tampering with data / log / graphs ?
Assuming that critical customer details can be obfuscated & will be accepted, there is nothing which prevents one from modifying numbers displayed on the graphs axis! I believe such graphs should be sent as it is without being obfuscated..
If AfriNIC requires such kind of info, I humbly request that such a clause to be included in the policy..
From: Andrew Alston [alston.networks at gmail.com] on behalf of Andrew Alston [aa at alstonnetworks.net]
Sent: Tuesday, September 10, 2013 11:38 PM
Cc: Keshwarsingh Nadan; rpd at afrinic.net
Subject: Re: [AFRINIC-rpd] RE: IPv4 Address Allocation and Assignment proposal
I object to giving AfriNIC any information can could be considered
commercially sensitive as such. Graphs of allocated IP's is an
interesting question and I'd have to think that through, but there is a
reason why when asked for invoices for proof of infrastructure I strongly
believe that anyone supplying such should have the full right to redact
any financial figures for example.
Furthermore, graphs of DHCP leases for example would be meaningless, since
DHCP servers typically hold onto leases for hours after they have been
released, graphs of concurrent subscribers connected, well, again, it
depends on just how many NDA's AfriNIC is prepared to sign, I hold by the
fact that the MSA does not in any way shape or form have strong enough
non-disclosure clauses to cover information like this.
I realise that IANA may not have a process to cover a complaint like this,
that does not mean a complaint cannot be submitted in some or other form
or that such a process cannot be defined. To be quite blunt, I doubt IANA
has ever *NEEDED* a process like that because I strongly suspect that no
RIR has ever attempted to demand access to members equipment, and worse
still, demand access to members client equipment....
As a matter of interest to people on this list, I would like to conduct an
impromptu survey which may form the grounds of further policy/actions.
How many of you have had requests from AfriNIC for access to
How many of you granted such access
In the event of such a request coming from AfriNIC, would such a request
be permissible within the bounds of your organisations security policies
Even if it did some how pass the policies, how many of you would feel
comfortable/willing to grant that access.
More information about the RPD